1 /*
2 * This file is part of the openHiTLS project.
3 *
4 * openHiTLS is licensed under the Mulan PSL v2.
5 * You can use this software according to the terms and conditions of the Mulan PSL v2.
6 * You may obtain a copy of Mulan PSL v2 at:
7 *
8 * http://license.coscl.org.cn/MulanPSL2
9 *
10 * THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
11 * EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
12 * MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
13 * See the Mulan PSL v2 for more details.
14 */
15
16 #include "hitls_build.h"
17 #if defined(HITLS_CRYPTO_SHA1) && !defined(HITLS_CRYPTO_SHA1_SMALL_MEM)
18
19 #include <stdlib.h>
20 #include "securec.h"
21 #include "crypt_errno.h"
22 #include "crypt_utils.h"
23 #include "bsl_err_internal.h"
24 #include "crypt_sha1.h"
25
26 #ifdef __cplusplus
27 extern "C" {
28 #endif /* __cpluscplus */
29
30 /* e767 is because H is defined in SHA1 and MD5.
31 But the both the macros are different. So masked
32 this error */
33
34 #define K0 0x5A827999
35 #define K1 0x6ED9EBA1
36 #define K2 0x8F1BBCDC
37 #define K3 0xCA62C1D6
38
39 #define F0(b, c, d) (((b) & (c)) | ((~(b)) & (d)))
40 #define F1(b, c, d) (((b) ^ (c)) ^ (d))
41 #define F2(b, c, d) (((b) & (c)) | ((b) & (d)) | ((c) & (d)))
42 #define F3(b, c, d) (((b) ^ (c)) ^ (d))
43
44 #define ROUND00_15(s, a, b, c, d, e, temp, w, Kt) \
45 do { \
46 (temp) = ROTL32(a, 5) + F##Kt(b, c, d) + (e) + (w)[s] + K##Kt; \
47 (b) = ROTL32(b, 30); \
48 } while (0)
49
50 #define ROUND16_79(t, a, b, c, d, e, temp, w, Kt) \
51 do { \
52 (w)[(t) & 0xF] = ROTL32( \
53 (w)[((t) + 13) & 0xF] ^ (w)[((t) + 8) & 0xF] ^ (w)[((t) + 2) & 0xF] ^ (w)[(t) & 0xF], 1); \
54 ROUND00_15((t) & 0xF, a, b, c, d, e, temp, w, Kt); \
55 } while (0)
56
SHA1_Step(const uint8_t * input,uint32_t len,uint32_t * h)57 const uint8_t *SHA1_Step(const uint8_t *input, uint32_t len, uint32_t *h)
58 {
59 uint32_t temp;
60 uint32_t w[16];
61 const uint8_t *data = input;
62 uint32_t dataLen = len;
63
64 while (dataLen >= CRYPT_SHA1_BLOCKSIZE) {
65 /* Convert data into 32 bits for calculation. */
66 w[0] = GET_UINT32_BE(data, 0);
67 w[1] = GET_UINT32_BE(data, 4);
68 w[2] = GET_UINT32_BE(data, 8);
69 w[3] = GET_UINT32_BE(data, 12);
70 w[4] = GET_UINT32_BE(data, 16);
71 w[5] = GET_UINT32_BE(data, 20);
72 w[6] = GET_UINT32_BE(data, 24);
73 w[7] = GET_UINT32_BE(data, 28);
74 w[8] = GET_UINT32_BE(data, 32);
75 w[9] = GET_UINT32_BE(data, 36);
76 w[10] = GET_UINT32_BE(data, 40);
77 w[11] = GET_UINT32_BE(data, 44);
78 w[12] = GET_UINT32_BE(data, 48);
79 w[13] = GET_UINT32_BE(data, 52);
80 w[14] = GET_UINT32_BE(data, 56);
81 w[15] = GET_UINT32_BE(data, 60);
82
83 uint32_t a = h[0];
84 uint32_t b = h[1];
85 uint32_t c = h[2];
86 uint32_t d = h[3];
87 uint32_t e = h[4];
88
89 // Required by referring to section 6.2 in rfc3174. To ensure performance,
90 // the variables A\b\c\d\e\TEMP are reused cyclically.
91 ROUND00_15(0, a, b, c, d, e, temp, w, 0);
92 ROUND00_15(1, temp, a, b, c, d, e, w, 0);
93 ROUND00_15(2, e, temp, a, b, c, d, w, 0);
94 ROUND00_15(3, d, e, temp, a, b, c, w, 0);
95 ROUND00_15(4, c, d, e, temp, a, b, w, 0);
96 ROUND00_15(5, b, c, d, e, temp, a, w, 0);
97 ROUND00_15(6, a, b, c, d, e, temp, w, 0);
98 ROUND00_15(7, temp, a, b, c, d, e, w, 0);
99 ROUND00_15(8, e, temp, a, b, c, d, w, 0);
100 ROUND00_15(9, d, e, temp, a, b, c, w, 0);
101 ROUND00_15(10, c, d, e, temp, a, b, w, 0);
102 ROUND00_15(11, b, c, d, e, temp, a, w, 0);
103 ROUND00_15(12, a, b, c, d, e, temp, w, 0);
104 ROUND00_15(13, temp, a, b, c, d, e, w, 0);
105 ROUND00_15(14, e, temp, a, b, c, d, w, 0);
106 ROUND00_15(15, d, e, temp, a, b, c, w, 0);
107
108 ROUND16_79(16, c, d, e, temp, a, b, w, 0);
109 ROUND16_79(17, b, c, d, e, temp, a, w, 0);
110 ROUND16_79(18, a, b, c, d, e, temp, w, 0);
111 ROUND16_79(19, temp, a, b, c, d, e, w, 0);
112
113 ROUND16_79(20, e, temp, a, b, c, d, w, 1);
114 ROUND16_79(21, d, e, temp, a, b, c, w, 1);
115 ROUND16_79(22, c, d, e, temp, a, b, w, 1);
116 ROUND16_79(23, b, c, d, e, temp, a, w, 1);
117 ROUND16_79(24, a, b, c, d, e, temp, w, 1);
118 ROUND16_79(25, temp, a, b, c, d, e, w, 1);
119 ROUND16_79(26, e, temp, a, b, c, d, w, 1);
120 ROUND16_79(27, d, e, temp, a, b, c, w, 1);
121 ROUND16_79(28, c, d, e, temp, a, b, w, 1);
122 ROUND16_79(29, b, c, d, e, temp, a, w, 1);
123 ROUND16_79(30, a, b, c, d, e, temp, w, 1);
124 ROUND16_79(31, temp, a, b, c, d, e, w, 1);
125 ROUND16_79(32, e, temp, a, b, c, d, w, 1);
126 ROUND16_79(33, d, e, temp, a, b, c, w, 1);
127 ROUND16_79(34, c, d, e, temp, a, b, w, 1);
128 ROUND16_79(35, b, c, d, e, temp, a, w, 1);
129 ROUND16_79(36, a, b, c, d, e, temp, w, 1);
130 ROUND16_79(37, temp, a, b, c, d, e, w, 1);
131 ROUND16_79(38, e, temp, a, b, c, d, w, 1);
132 ROUND16_79(39, d, e, temp, a, b, c, w, 1);
133
134 ROUND16_79(40, c, d, e, temp, a, b, w, 2);
135 ROUND16_79(41, b, c, d, e, temp, a, w, 2);
136 ROUND16_79(42, a, b, c, d, e, temp, w, 2);
137 ROUND16_79(43, temp, a, b, c, d, e, w, 2);
138 ROUND16_79(44, e, temp, a, b, c, d, w, 2);
139 ROUND16_79(45, d, e, temp, a, b, c, w, 2);
140 ROUND16_79(46, c, d, e, temp, a, b, w, 2);
141 ROUND16_79(47, b, c, d, e, temp, a, w, 2);
142 ROUND16_79(48, a, b, c, d, e, temp, w, 2);
143 ROUND16_79(49, temp, a, b, c, d, e, w, 2);
144 ROUND16_79(50, e, temp, a, b, c, d, w, 2);
145 ROUND16_79(51, d, e, temp, a, b, c, w, 2);
146 ROUND16_79(52, c, d, e, temp, a, b, w, 2);
147 ROUND16_79(53, b, c, d, e, temp, a, w, 2);
148 ROUND16_79(54, a, b, c, d, e, temp, w, 2);
149 ROUND16_79(55, temp, a, b, c, d, e, w, 2);
150 ROUND16_79(56, e, temp, a, b, c, d, w, 2);
151 ROUND16_79(57, d, e, temp, a, b, c, w, 2);
152 ROUND16_79(58, c, d, e, temp, a, b, w, 2);
153 ROUND16_79(59, b, c, d, e, temp, a, w, 2);
154
155 ROUND16_79(60, a, b, c, d, e, temp, w, 3);
156 ROUND16_79(61, temp, a, b, c, d, e, w, 3);
157 ROUND16_79(62, e, temp, a, b, c, d, w, 3);
158 ROUND16_79(63, d, e, temp, a, b, c, w, 3);
159 ROUND16_79(64, c, d, e, temp, a, b, w, 3);
160 ROUND16_79(65, b, c, d, e, temp, a, w, 3);
161 ROUND16_79(66, a, b, c, d, e, temp, w, 3);
162 ROUND16_79(67, temp, a, b, c, d, e, w, 3);
163 ROUND16_79(68, e, temp, a, b, c, d, w, 3);
164 ROUND16_79(69, d, e, temp, a, b, c, w, 3);
165 ROUND16_79(70, c, d, e, temp, a, b, w, 3);
166 ROUND16_79(71, b, c, d, e, temp, a, w, 3);
167 ROUND16_79(72, a, b, c, d, e, temp, w, 3);
168 ROUND16_79(73, temp, a, b, c, d, e, w, 3);
169 ROUND16_79(74, e, temp, a, b, c, d, w, 3);
170 ROUND16_79(75, d, e, temp, a, b, c, w, 3);
171 ROUND16_79(76, c, d, e, temp, a, b, w, 3);
172 ROUND16_79(77, b, c, d, e, temp, a, w, 3);
173 ROUND16_79(78, a, b, c, d, e, temp, w, 3);
174 ROUND16_79(79, temp, a, b, c, d, e, w, 3);
175
176 // Let H0 = H0 + a, H1 = H1 + b, H2 = H2 + c, H3 = H3 + d, H4 = H4 + e.
177 // Because A, B, C, D and E are reused, after the last round of conversion, A = e, b = temp, c = a, d = b, e = c
178 h[0] += e; // H[0] += a
179 h[1] += temp; // H[1] += b
180 h[2] += a; // H[2] += c
181 h[3] += b; // H[3] += d
182 h[4] += c; // H[4] += e
183
184 data += CRYPT_SHA1_BLOCKSIZE;
185 dataLen -= CRYPT_SHA1_BLOCKSIZE;
186 }
187
188 return data;
189 }
190
191 #ifdef __cplusplus
192 }
193 #endif
194
195 #endif // HITLS_CRYPTO_SHA1 && !HITLS_CRYPTO_SHA1_SMALL_MEM
196